Automagic component governance cgmanifest.json generation
#636
Conversation
cgmanifest.json
Outdated
| "NuGetVersion": "120.6.0.1" | ||
| } | ||
| }, | ||
| "License": "MIT", |
There was a problem hiding this comment.
I do not think these licenses are correct, Maven lists it as "Android Software Development Kit License".
There was a problem hiding this comment.
The idea was: "kill em all and let god sort em out".
cgmanifest is there. For those about to rock and check which license is right. Name them and I will assign this PR to them.
There was a problem hiding this comment.
I'm not sure what you're advocating here. We should not be putting in incorrect data. If we cannot create valid data then it is better to omit it.
There was a problem hiding this comment.
I tried to find a way to fill in the data. This was 1st attempt, so everything is default value for GPS. I could have make it null and make it disappear, or empty string, so there is placeholder for manual update.
Namely making everything completely correct will be near to manual task. Recall Install Referrer which changes licenses on version basis. I came across that case by accident, dumping cgmanifest data like here and comparing. Now, the question is: if we set license and it changes in the future, how do we detect it? License will be incorrect until detected.
Now we have list of components. Some data is currently wrong until I finish workaround for majority of artifacts to fill in License data.
There was a problem hiding this comment.
Yeah, it's definitely going to be a challenge (or impossible) to automagically generate correct license data. However we will not be able to publish incorrect license data. I think the default will need to be to omit license data if we cannot determine the correct license.
build/scripts/utilities.csx
Outdated
| @@ -0,0 +1,65 @@ | |||
| #! "net5.0" | |||
There was a problem hiding this comment.
Is this file used? Or is the utilities.cake mechanism used? This file does not exist in the AndroidX version, and we should probably do both repos with the same process.
There was a problem hiding this comment.
both. I was testing my nugets.
Options do not hurt.
There was a problem hiding this comment.
Seems like scripting has issues with resolving prerelease packages. Both cake and dotnet script. Nugets are downloaded and resolved, but assemblies are not loaded.
When i published nuget as release everything worked in both cake and csx.
| "ArtifactId": "play-services-ads-base", | ||
| "GroupId": "com.google.android.gms", | ||
| "Version": "20.6.0", | ||
| "NuGetId": "Xamarin.GooglePlayServices.Ads.Base", |
There was a problem hiding this comment.
Should NuGetId and NuGetVersion be included? They are not in the existing cgmanifest.json files that are being removed.
There was a problem hiding this comment.
Looking at the docs I could find (https://docs.opensource.microsoft.com/tools/cg/features/cgmanifest), these are not valid values. Additionally, none of the license values are specified. Do you have a more recent doc that describes the structure of the cgmanifest.json file?
There was a problem hiding this comment.
Should
NuGetIdandNuGetVersionbe included? They are not in the existingcgmanifest.jsonfiles that are being removed.
you approved
https://github.com/xamarin/XamarinComponents/pull/1025/files
https://github.com/xamarin/XamarinComponents/pull/1025/files
I will stop here.
If you think about it, the purpose of CG is to track buggy/insecure/faulty 3rd party artifacts.
If some artifact+version is bound and delivered/published to our clients/customers it wold be good to know which nuget was that... And that would be NuGetId+Version.
There was a problem hiding this comment.
Looking at the docs I could find (https://docs.opensource.microsoft.com/tools/cg/features/cgmanifest), these are not valid values. Additionally, none of the license values are specified. Do you have a more recent doc that describes the structure of the
cgmanifest.jsonfile?
https://github.com/microsoft/vscode/blob/main/.vscode/cgmanifest.schema.json
Why is it a problem to add NugetId and NugetVersion?
There was a problem hiding this comment.
if you see here
no one thinks about Maven inside Nuget, so there is no data model for that
marklindsey11/PowerShell@01069f0
maven inside nuget is bindings we do
There was a problem hiding this comment.
If you think about it, the purpose of CG is to track buggy/insecure/faulty 3rd party artifacts.
This is true, but this is accomplished by having a contract that standard tools can parse and understand. Adding our own non-standard data to it will not benefit anyone because no tools will be able to understand it.
There was a problem hiding this comment.
NugetId was redth's idea for improvements (maven to artifact mappings). He added it to several bindings in XamarinComponents repo and he used it in Xamarin.Binding.Helpers. I have no details about the project.
https://github.com/Redth/Xamarin.Binding.Helpers
I found the schema after I generated the code.
There was a problem hiding this comment.
I guess it doesn't hurt to add unused data to JSON, so we can do this.
There was a problem hiding this comment.
removed all extras, which were old attempts to solve problems (talked to redth about it).
Does this change any of the generated binding API's?
No.
Describe your contribution
Automagic component governance
cgmanifest.jsongeneration